SSL certificate considerations when integrating LANGuardian data with other applications.

When you use the LANGuardian web user interface, all data transmitted between your web browser and the LANGuardian system is based on the HTTPS protocol, which uses SSL (Secure Sockets Layer) certification to encrypt data and keep it secure.

The first time you access a LANGuardian page with your web browser, you will see an error message that says your browser does not recognise the digital certificate presented by LANGuardian.

This is not unique to LANGuardian; it is a common problem with secure websites. The problem can be resolved very simply by telling your browser to trust the website concerned. From then on, you will not see the error message. You can also resolve the problem in other ways – for example, you can add a trusted certificate to LANGuardian or, in an Active Directory environment, deploy a self-signed certificate across your network via a group policy object.

The certificate problem can be more troublesome when you want to integrate LANGuardian data into other applications. LANGuardian makes data integration possible by providing a REST API that enables you to request traffic data by specifying a URL, for example:

You can configure LANGuardian to respond to REST API requests over HTTP or over HTTPS. Go to the Configuration page, scroll down to the Web server section, click REST API configuration, and then click the radio button for the protocol you want to use.

LANGuardian will return an error if it receives a REST API request over the protocol it is not configured to use.

Both protocols, HTTP and HTTPS, have their advantages.

If you request data over HTTP, LANGuardian simply delivers the requested data to the application. Your browser or application needs no configuration. However, the data returned by LANGuardian is not encrypted and could possibly be intercepted.Since LANGuardian is typically deployed in secure environments, most network administrators consider the reduced security a worthwhile compromise for the increased ease of deployment.This is the default setting.

If you request data over HTTPS, the data is encrypted but performance is marginally slower, and you can run into configuration problems because the requesting application might be configured to reject the data in the absence of a trusted certificate.There are many ways to resolve the problems that arise with responding to REST API requests over HTTPS. If the requesting application is browser-based, the easiest solution is to simply visit the LANGuardian home page and trust the certificate when prompted. However, this is not always a practical option because users of the requesting application might not have access to LANGuardian. More generally, alternatives that require action by individual users are best avoided because every browser and application handles certificate errors differently. This is an enormous source of confusion for users and system administrators.

The table below summarizes the pros and cons of each method.

Find out more

If you have any questions about how LANGuardian can meet your requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.

Talk to us now

Talk to NetFort today. Contact us at sales@netfort.com or call us at +353 91 426 565.